Is Telecom Security Still A Concern? – Part One


In this two part series we will be answering this question, “With the emergence of RF and wireless threats, is telecom security still a concern?” The first part of this series will focus on common telephone threats with part two addressing digital and VoIP threats.

Imagine for a moment someone is trying to pirate confidential business conversations taking place over an indefinite period of time. There are 2 important physical requirements in this case for an eavesdropping device to be effective, a) power; b) concealment. One option might be to use an RF transmitter but in this case it does not meet the power requirements since batteries would have to be recharged or replaced. Free space RF energy can also be detected with a spectrum analyzer like an OSCOR™ Green or an RF detector like the CPM-700, exposing the transmitter, thereby failing to meet the second requirement.

example phoneAnother option would be to use existing microphones, speakers and communication cabling installed throughout the building. Business phones come complete with microphones, speakers, conductive cabling and a never ending power source and can be found throughout office buildings everywhere. With the right know-how, a telephone can be turned into an eavesdropping device – one that would be very difficult to detect. A common misconception among TSCM practitioners is that telephone security is about protecting conversations between 2 individuals, when in fact, with the help of a conference room telephone, whole meetings can be compromised. A phone is designed to capture audio, modulate it onto a wire, and transmit that audio signal to a receiver, kind of like an eavesdropping device.

There are a few techniques that can turn an idle phone into an open microphone – taking advantage of unused pairs or bypassing the hook-switch. Telephones use at least 1 cable pair to transmit signals; however there are typically 2 pairs run to every phone through a common category 3 phone cable. That extra unused cable pair can easily be used to pass audio from a microphone without the user being aware. Using an identical phone set, and a few small discreet components, a malicious individual could set up a hook-switch bypass, which keeps the microphone active even when the receiver is on the hook. A conference room phone could be swapped with little effort and little chance of being noticed. It would then be an open microphone allowing conversations in the room to be transmitted on the wire non-stop.

Unused wiring can also be appropriated for illicit audio transmission. Buildings that have been wired without protocols and cabling standards can end up with large amounts of surplus or discarded cable running throughout ceilings or walls. As long as copper is running through the building, even if disconnected, it can be modified to pass audio. The advantage of unused cable is that it’s generally overlooked, making it difficult to locate. These two basic telecom security vulnerabilities satisfy the power and concealment requirements.

As with most security concerns, the first step is always physical security. In the case of telephone systems, one would look at who has access to key areas of telephone, communication, and building wiring. Once that is established, the next step is a complete and thorough test of the cabling system. Even if the security assessment does not alleviate immediate concerns, it establishes a baseline from which to compare future test results and ensures no illicit activity is occurring.

Testing can be done manually with a variety of electronic tools including volt meter, CMA-100 audio amplifier, CPM-700 broadband detector, line tracer, and more. However, testing should be done by someone trained with the correct test procedures to keep from alerting attackers, or from damaging the system. Manual testing can also be enormously time consuming and often impractical, especially when it comes to conductor pair testing.


REI’s TALAN™ Telephone and Line Analyzer provides multiple tools in one product to significantly streamline the testing process. The TALAN provides the capability to perform multiple tests and includes a built-in automatic switching matrix for testing all pair combinations and stores the results for comparison.

Wireless phones have increased in the communication mix, but they haven’t replaced traditional business phones. While attention has seemingly transferred to cyber security and cell phone hacking threats, phone and wiring vulnerabilities still exist and can easily go undetected. In many ways, the threat of a telephone security breach is more relevant today than ever.

If a telephone security problem is suspected or a more disciplined approach to phone security is required, be sure to look for security professionals experienced in telephone security investigations or consider registering for training at the REI Training Center. Students who complete the TALAN Level 2, TALAN Level 3 Certification, and VoIP Level 3 courses learn and demonstrate the necessary skills to conduct thorough telephone and cable investigations.

Related Articles You May Also Enjoy:

USB Cables Can Hide A New Payload Threat

Protecting Conversations With Noise Masking

What is a GSM Bug?